On Thu, 2 Apr 2026 20:35:12 +0200
Justin Iurman <[email protected]> wrote:
> On 4/1/26 20:57, Andrea Mayer wrote:
> > Add a selftest that verifies the dst_cache in seg6 lwtunnel is not
> > shared between the input (forwarding) and output (locally generated)
> > paths.
> >
> > The test creates three namespaces (ns_src, ns_router, ns_dst)
> > connected in a line. An SRv6 encap route on ns_router encapsulates
> > traffic destined to cafe::1 with SID fc00::100. The SID is
> > reachable only for forwarded traffic (from ns_src) via an ip rule
> > matching the ingress interface (iif veth-r0 lookup 100), and
> > blackholed in the main table.
> >
> > The test verifies that:
> >
> > 1. A packet generated locally on ns_router does not reach
> > ns_dst with an empty cache, since the SID is blackholed;
> > 2. A forwarded packet from ns_src populates the input cache
> > from table 100 and reaches ns_dst;
> > 3. A packet generated locally on ns_router still does not
> > reach ns_dst after the input cache is populated,
> > confirming the output path does not reuse the input
> > cache entry.
> >
> > Both the forwarded and local packets are pinned to the same CPU
> > with taskset, since dst_cache is per-cpu.
> >
> > [snip]
> >
> > +test_cache_isolation()
> > +{
> > + RET=0
> > +
> > + # local ping with empty cache: must fail (SID is blackholed)
> > + if ip netns exec "${NS_RTR}" taskset -c 0 \
> > + ping6 -c 1 -W 2 "${DEST}" &>/dev/null; then
> > + echo "SKIP: local ping succeeded, topology broken"
> > + exit "${ksft_skip}"
> > + fi
> > +
> > + # forward from ns_src to populate the input cache
> > + if ! ip netns exec "${NS_SRC}" taskset -c 0 \
> > + ping6 -c 1 -W 2 "${DEST}" &>/dev/null; then
> > + echo "SKIP: forwarded ping failed, topology broken"
> > + exit "${ksft_skip}"
> > + fi
> > +
> > + # local ping again: must still fail; if the output path reuses
> > + # the input cache, it bypasses the blackhole and the ping succeeds
> > + if ip netns exec "${NS_RTR}" taskset -c 0 \
> > + ping6 -c 1 -W 2 "${DEST}" &>/dev/null; then
> > + echo "FAIL: output path used dst cached by input path"
> > + RET="${ksft_fail}"
> > + else
> > + echo "PASS: output path dst_cache is independent"
> > + fi
> > +
> > + return "${RET}"
> > +}
> > +
>
> We should check it runs as root here (e.g, required for netns creation).
>
> if [ "$(id -u)" -ne 0 ]; then
> echo "SKIP: Need root privileges"
> exit "${ksft_skip}"
> fi
>
Good catch! will fix in v3.
> Otherwise, LGTM:
>
> Reviewed-by: Justin Iurman <[email protected]>
Thanks for the review.
Ciao,
Andrea
